Malicious scripts masquerade as Google Analytics

Malicious scripts masquerade as Google Analytics

Researchers see this code in HTML source so often that it almost never gets a second glance – until now. zveloLABS™ researchers have seen several compromised sites recently using Google Analytics to mask malicious scripts, as in the example below. Decoded, this turns into a script tag that looks like this: Note the use of the “sr?” tag for the Google Analytics URL, with the actual “src” tag pointing to the malicious script at 91.212.65.148. Security researchers out there, be sure to take a second look at that Google Analytics code next time you’re looking at an infected site.

For over 20 years, we have been delivering industry-leading URL Database, Web Categorization, & Malicious Detection solutions. We are proud to support some of the world's leading network security, antivirus, and ad tech companies who are helping to make the internet a safer place for all!